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DETAILED ACTION 



Priority 

. Receipt is acknowledged of the certified copy dated 3/12/2003 and submitted under 35 
U.S.C. 119(a)-(d), which papers have been placed of record in the file. 



Information Disclosure Statement 

The information disclosure statement submitted on 08-02-2006 has been considered by 
the Examiner and made of record in the application file. 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth 
in section 102 of this title, if the differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at the time the invention was 
made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall 
not be negatived by the manner in which the invention was made. 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1 , 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness 

or nonobviousness. 
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Claims 1-11 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Crow et al. (U.S. Patent Application Publication # 2002/0161915 A1) in view of 
Ganesan et al. (U.S. Patent Application Publication # 2003/0069973 A1). 

Consider claim 1, Crow et al. show and disclose a method for receiving a 
plurality of packets from a network and distributing the packets to a plurality of protocol 
processors (Fig. 1 , that shows a Border Router 16 receiving a plurality of packets from 
the Internet 22, and distributing the packets to a plurality of protocol processors 24; 
paragraph 0018 discloses the same details) comprising the steps of: 
if a received packet is a fragmented packet, determining whether the received packet is 
a first fragment packet (Flowchart of Fig. 4, blocks 102 and 108 that test for a 
fragmented received packet and then check if it is the first (primary) fragment packet; 
paragraph 0037, lines 1-5 that disclose testing for a fragmented packet; paragraph 0038 
that discloses a test for the fragmented received packet being the first such packet); 
if the received packet is the first fragment packet, looking-up a fragment ID of the 
received packet, and comparing the result of the looked-up fragment ID with each list of 
a fragment look-up table into which the results of fragment looked-ups for other received 
packets are entered, to determine if there is a corresponding list (Fig. 4, block 110; 
paragraph 0039, lines 1-4 that disclose searching a translation table 82 into which the 
results of fragment looked-ups for other received packets are entered, to determine if 
there is a matching entry); 



Application/Control Number: 10/786,326 Page 4 

Art Unit: 2143 

searching an index indicating one of the protocol processors, and if the list 
corresponding to the result of the looked-up fragment ID exists in the fragment look-up 
table, entering the index into the corresponding list of the fragment look-up table (Fig. 4, 
block 114; paragraph 0040 that describes generating a fragment-context 92 (shown in 
Fig. 3) for the identified translation entry); and 

attaching the index as a tag to the received packet and transmitting the received packet 
to the corresponding one of the protocol processors (Fig. 4, block 116, paragraph 0041, 
lines 1-6 that disclose the translation process for the primary packet). 

However, Crow et al. do not disclose a method for looking up a tunnel ID of the 
received packet from a tunnel ID look-up table. 

In the same field of endeavor, Ganesan et al. disclose a method for looking up a 
tunnel ID of the received packet from a tunnel ID look-up table (Flowchart of Fig. 1 1 , 
blocks 1 120 and 1 122; paragraph 0177 which discloses that for received packets, 
based on the tunnel ID of the packet, NAT (Network Address Translation) lookups and 
mappings are applied, thereby disclosing looking up a tunnel ID of the received packet 
from a tunnel ID look-up table). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to provide a method for looking up a tunnel ID of the 
received packet from a tunnel ID look-up table, as taught by Ganesan et al., in the 
method of Crow et al., so that encapsulated received packets can be securely delivered 
through the firewall of the receiving node. 
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Consider claim 2, and as it applies to claim 1 above, Crow et al., as modified 
by Ganesan et al., further show and disclose a method, wherein the step of entering the 
index into the corresponding list of the fragment look-up table, includes newly entering 
the result of the looked-up fragment ID and the index into the fragment look-up table, if 
the list corresponding to the result of the looked-up fragment ID does not exist in the 
fragment look-up table (Fig. 3 that shows a sample address translation entry; Flowchart 
of Fig. 4, blocks 110-1 14; paragraph 0040 that discloses the process of generating a 
fragment-context 92 (shown in Fig. 3) for the identified translation entry 90). 

Consider claim 3, and as it applies to claim 1 above, Crow et al., as modified 
by Ganesan et al., further show and disclose the claimed method, wherein the step of 
transmitting the received packet includes attaching the index as the tag to a packet that 
has been previously received and stored in a fragment buffer and transmitting the 
previously received and stored packet to the corresponding one of the protocol 
processors, if the received packet is the first fragment and the list corresponding to the 
result of the looked-up fragment exists in the fragment look-up table (Flowchart of Fig. 
4, blocks 108-1 16 that disclose processing details for a primary (first) received 
fragmented packet, with block 116 showing the existence of a list corresponding to the 
result of the looked-up fragment in the fragment look-up table; block 118 and 120, 
wherein block 120 shows packets that have been previously received and stored in a 
fragment buffer). 
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Consider claim 4, and as it applies to claim 1 above, Crow et al., as modified 
by Ganesan et al., further show and disclose the claimed method, wherein if the 
received packet is not the first fragment (Flowchart of Fig. 4, block 108; paragraph 
0042, lines 1-4 that disclose the processing of a received packet that is not the first 
fragment), further comprising the steps of: 

looking-up the fragment ID of the received packet and comparing the result of the 
looked-up fragment ID with each list of the fragment look-up table, to determine if there 
is a corresponding list (Flowchart of Fig. 4, block 118; paragraph 0042, lines 4-10 that 
describe looking-up the fragment ID of the received packet and comparing the result of 
the looked-up fragment ID with each list of the fragment look-up table, to determine if 
there is a corresponding list); 

entering the result of the fragment ID looked-up for the received packet into the 
fragment look-up table, if the list corresponding to the result of the looked-up fragment 
does not exist in the fragment look-up table (Flowchart of Fig. 4, block 114; paragraph 
0040, lines 1-6 that disclose generating a fragment-context 92 for the identified 
translation entry 90); and 

storing the received packet in a fragment buffer (Flowchart of Fig. 4, block 120; 
paragraph 0042, lines 14-17 which disclose that the secondary fragment 34 is stored in 
the fragment memory 84). 

Consider claim 5, and as it applies to claim 4 above, Crow et al. show and 
disclose a method of the claimed invention, wherein if the list corresponding to the result 
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of the looked-up fragment ID exists in the fragment look-up table (Flowchart of Fig. 4, 
blocks 108 and 122; paragraph 0042 which discloses a check for presence of the list 
corresponding to the result of the looked-up fragment ID in the fragment look-up table; 
paragraph 0043, lines 1-4 which disclose that the list corresponding to the result of the 
looked-up fragment ID exists in the fragment look-up table), further comprising the steps 
of: 

determining whether the index corresponding to the result of the tunnel ID look-up exists 
in the corresponding list (Flowchart of Fig. 4, block 122; paragraph 0043 which 
discloses that the list corresponding to the result of the looked-up fragment ID exists in 
the fragment look-up table); and 

attaching the index as the tag to the received packet and transmitting the received 
packet to the corresponding one of the protocol processors, if the index exists in the 
corresponding list (Flowchart of Fig. 4, block 124; paragraph 0043, lines 7-13 which 
disclose that the secondary fragment is translated using the identified entry 90 and 
transmitted to one of the protocol processors). 

However, Crow et al. do not disclose a method for determining whether the index 
corresponding to the result of the tunnel ID look-up exists in the corresponding list. 

In the same field of endeavor, Ganesan et al. disclose a method for determining 
whether the index corresponding to the result of the tunnel ID look-up exists in the 
corresponding list (Flowchart of Fig. 1 1 , blocks 1 120 and 1 122; paragraph 0177 which 
discloses that for received packets, based on the tunnel ID of the packet, NAT (Network 
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Address Translation) lookups and mappings are applied, thereby disclosing looking up a 
tunnel ID of the received packet from a tunnel ID look-up table). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to provide a method for determining whether the index 
corresponding to the result of the tunnel ID look-up exists in the corresponding list, as 
taught by Ganesan et al., in the method of Crow et al., so that encapsulated received 
packets can be securely delivered through the firewall of the receiving node. 

Consider claim 6, and as it applies to claim 5 above, Crow et al., as modified 
by Ganesan et al., further show and disclose the claimed method, comprising the step 
of storing the received packet in the fragment buffer, if the index does not exist in the 
corresponding list (Flowchart of Fig. 4, blocks 108 and 120; paragraph 0042, lines 14-17 
which disclose that the secondary fragment 34 is stored in the fragment memory 84, if a 
fragment-context 92 does not exist for the secondary fragment 34 in the translation 
table 82). 

Consider claim 7, Crow et al. show and disclose an apparatus for distributing a 
plurality of packets to a plurality of protocol processors (Fig.1 , that shows a Border 
Router 16 receiving a plurality of packets from the Internet 22, and distributing the 
packets to a plurality of protocol processors 24; paragraph 0018 discloses the same 
details) comprising: 
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a receiving unit for receiving the packets from a network (In Fig. 1, shown by the right 
link between the Internet 22 and the Border Router 16); 

a fragment look-up table storage unit for storing fragment look-up table into which the 
result of a fragment looked-up on the received packet is entered (Fig. 1, Translation 
Table 82; paragraph 0029, lines 1-5 that disclose the storage unit for a fragment look-up 
table); 

a fragment look-up device for comparing the result of the fragment looked-up on the 
received packet with each list of the fragment look-up table, to determine whether the 
list corresponding to the result exists (Fig. 1, translation Engine 80; paragraph 0029, 
lines 1-5 that disclose the translation engine 80); and 

a dependant interface for transmitting the packet attached with the index to the 
corresponding one of the protocol processors (In Fig. 1, shown by the left link 20 
between the Border Router 16 and Protocol Processor Hosts 24). 

However, Crow et al. do not disclose an apparatus containing a tunnel ID look-up 
table storage unit for storing a tunnel ID look-up table having lists of indexes indicating 
the protocol processors corresponding to the tunnel IDs of the packets, respectively; 
and a tunnel ID look-up device for searching the index corresponding to the result of the 
tunnel ID looked-up on the received packet from the tunnel ID look-up table to attach 
the index as a tag to the received packet. 

In the same field of endeavor, Ganesan et al. disclose an apparatus containing a 
tunnel ID look-up table storage unit for storing a tunnel ID look-up table having lists of 
indexes indicating the protocol processors corresponding to the tunnel IDs of the 
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packets, respectively (Figure 6B, remote hash table rhashtblj, that includes storage for 
vpn_id which corresponds to tunnel information table); and 
a tunnel ID look-up device for searching the index corresponding to the result of the 
tunnel ID looked-up on the received packet from the tunnel ID look-up table to attach 
the index as a tag to the received packet (Fig. 8, VPN/IKE Module 830 performing the 
function of a tunnel ID look-up device; Flowchart of Fig. 1 1 , blocks 1 120 and 1 122; 
paragraph 0177 which discloses that for received packets, based on the tunnel ID of the 
packet, NAT (Network Address Translation) lookups and mappings are applied, thereby 
disclosing a tunnel ID look-up device for searching the index corresponding to the result 
of the tunnel ID looked-up on the received packet from the tunnel ID look-up table to 
attach the index as a tag to the received packet). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to provide an apparatus containing a tunnel ID look-up 
table storage unit for storing a tunnel ID look-up table having lists of indexes indicating 
the protocol processors corresponding to the tunnel IDs of the packets, respectively, 
and a tunnel ID look-up device for searching the index corresponding to the result of the 
tunnel ID looked-up on the received packet from the tunnel ID look-up table to attach 
the index as a tag to the received packet, as taught by Ganesan et al., in the apparatus 
of Crow et al., so that encapsulated received packets can be securely delivered through 
the firewall of the receiving node. 
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Consider claim 8, and as it applies to claim 7 above, Crow et al., as modified 
by Ganesan et al., further show and disclose an apparatus, wherein if the list 
corresponding to the result of the looked-up fragment does not exist in the fragment 
look-up table, the fragment look-up device newly enters the result of the looked-up 
fragment and the index into the fragment look-up table, if the received packet is a first 
fragment (Fig. 3 that shows a sample address translation entry; Flowchart of Fig. 4, 
blocks 110-1 14; paragraph 0040 that discloses the process of generating a fragment- 
context 92 (shown in Fig. 3) for the identified translation entry 90, if the received packet 
is a first fragment); and newly enters the result of the looked-up fragment into the 
fragment look-up table, if the received packet is not the first fragment (Flowchart of Fig. 
4, block 118; paragraph 0042, lines 4-10 that describe looking-up the fragment ID of the 
received packet which is not the first fragment and comparing the result of the looked- 
up fragment ID with each list of the fragment look-up table, to determine if there is a 
corresponding list; Flowchart of Fig. 4, block 114; paragraph 0040, lines 1-6 that 
disclose generating a fragment-context 92 for the identified translation entry 90). 

Consider claim 9, and as it applies to claim 7 above, Crow et al., as modified 
by Ganesan et al., further show and disclose an apparatus comprising, if the list 
corresponding to the result of the looked-up fragment and including the index does not 
exist in the fragment look-up table, a fragment buffer for storing the received packet if 
the received packet is not the first fragment (Flowchart of Fig. 4, block 120; paragraph 
0042, lines 14-17 which disclose that the secondary fragment 34 is stored in the 
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fragment memory 84, if the received packet is not the first fragment and there is no 
corresponding list in the fragment look-up table). 

Consider claim 10, and as it applies to claim 9 above, Crow et al., as modified 
by Ganesan et al., further show and disclose an apparatus wherein if the list 
corresponding to the result of the looked-up fragment and including the index exists in 
the fragment look-up table, the fragment look-up device attaches the index as the tag to 
the received packet to transmit the received packet to the corresponding one of the 
protocol processors (Flowchart of Fig. 4, block 124; paragraph 0043, lines 7-13 which 
disclose that if a list corresponding to the looked-up fragment exists in the fragment 
look-up table, the secondary fragment is translated using the identified entry 90 and 
transmitted to one of the protocol processors). 

Consider claim 11, and as it applies to claim 9 above, Crow et al., as modified 
by Ganesan et al., further show and disclose an apparatus wherein in the case of the 
received packet being the first fragment, the fragment look-up device attaches the index 
as the tag to each packet being a subsequent fragment following the first fragment and 
being stored in the fragment buffer to transmit each subsequent fragment packet via the 
dependant interface to the corresponding one of the protocol processors, if the list 
conforming to the result of the looked-up fragment exists in the fragment look-up table 
(Flowchart of Fig. 4, blocks 108-1 16 that disclose processing details for a primary (first) 
received fragmented packet, with block 116 showing the existence of a list 
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corresponding to the result of the looked-up fragment in the fragment look-up table; 
block 118 and 120, wherein block 120 shows packets that have been previously 
received and stored in a fragment buffer being transmitted). 



Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: 

US Patent Application Publication # 2002/0095512 A1, inventors: Rana et al. 
filed 02/23/2001 

Any response to this Office Action should be faxed to (571) 273-8300 or mailed 

to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Art Unit: 2143 

Hand-delivered responses should be brought to 

Customer Service Window 
Randolph Building 
401 Dulany Street 
Alexandria, VA 22314 

Any inquiry concerning this communication or earlier communications from the 
Examiner should be directed to Kishin G. Belani whose telephone number is (571) 270- 
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1768. The Examiner can normally be reached on Monday-Thursday from 6:30 am to 
5:00 pm. 

If attempts to reach the Examiner by telephone are unsuccessful, the Examiner's 
supervisor, David Wiley can be reached on (571) 272-3923. The fax phone number for 
the organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free) or 703-305-3028. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist/customer service whose telephone 
number is (571)272-0800. 

Kishin G. Belani 
K.G.B./kgb 
August 12, 2007 



